Blog

Blog

Federal agencies given five days to find hacked Exchange servers

CISA, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 12:00pm EDT on Monday April 5 to scan their networks for evidence of intrusion by malicious actors, and report back the results. CISA is ordering agencies with on-premises Microsoft Exchange servers to...
Blog

Report: USB threats to ICS systems have nearly doubled

The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period. Let’s face it. Critical infrastructure operators in manufacturing,...
Blog

Role of Encryption in GDPR Compliance

Encryption has been a hot topic of discussion during the implementation phase of most data privacy laws. In the age where organizations are dealing with large volumes of data each day, the protection of this sensitive data is critical. The data, which is seen as a business-critical asset for organizations, should be protected against malicious...
Blog

Survey: 99% of Security Pros Struggling to Secure Their IoT & IIoT Devices

Organizations are increasingly introducing new Internet of Things (IoT) devices into their environments. According to Statista, the aggregate number of IoT devices deployed by organizations globally increased from 7.74 billion in 2019 to around 8.74 billion a year later. The market and consumer data firm reported that the next few years will see...
Blog

Average ransomware payouts shoot up 171% to over $300,000

Organisations hit by ransomware attacks are finding themselves paying out more than ever before, according to a new report from Palo Alto Networks. The Unit 42 threat intelligence team at Palo Alto Networks teamed up with the incident response team at Crypsis to produce their latest threat report which looks at the latest trends in ransomware, and...
Blog

How Tripwire Does Configuration Management Differently

So many times, we hear companies say, “Our tools are just like Tripwire’s,” “We do configuration management just like Tripwire” and “We can push out policy just like Tripwire.” But as we say, this just ain’t necessarily so. You might be able to do configuration management using a “Tripwire-like” tool. You might configure it and use it set up a...
Blog

Ransomware on the Rise: How to Keep You & Your Company Safe

Due in large part to COVID-19 and the increased prevalence of remote work, ransomware attacks dominated 2020, and experts predict there will be at least twice as many cases of data theft in the new year.The U.S. Cybersecurity & Infrastructure Security Agency defines ransomware as “a type of malicious software, or malware, designed to deny access to a...
Blog

How Can the Trucking Industry Secure Their Telematics?

The trucking sector is essential to countless other industries. Without reliable transportation, supply chains would crumble, and companies and consumers would face shortages. With so much riding on it, it’s no wonder why the industry has fully embraced technology like telematics in recent years. Telematics refers to the suite of technologies...
Blog

6 Cloud Security Resources that You Should Be Using

It’s easy to get overwhelmed with the number of cloud security resources available. How do you know which sources to trust? Which ones should inform your security strategies? Which reports will actually improve your cloud security posture? Let’s first look at six cloud security guides that you should be using. These resources provide action items...
Blog

CISO Soup: Data Breaches, Strategy and Cybersecurity Culture

For the longest time, those of us who occupy the role of the CISO have fought for our seat at the 'big table.' Although it appears some of us are being invited into the C-suite, there is still a long way for us to go.This is highlighted in a 2021 report provided BT, which places "CISOs under the spotlight" and illuminates some interesting and...
Blog

To Patch or Not to Patch in OT – That Is the Real Challenge

The objective of an organization when implementing cybersecurity controls is to eliminate risk, but this oftentimes involves settling for managing risk at an acceptable level. Each organization defines what that acceptable level is depending on several factors including the environment, the criticality of function, the asset type, etc.There are many...
Blog

4 Strategies to Mitigate Pass-the-Cookie Attacks

Another year, another new set of cybersecurity threats to overcome, outwit and mitigate against. At the beginning of 2021, the cybersecurity world was informed by CISA (the USA Cybersecurity and Infrastructure Security Agency) of a spate of attacks targeting cloud environment configurations, supposedly occurring as a result of the increase in remote...
Blog

Navigating Transformation with Managed Cybersecurity Services

The coronavirus pandemic has added new layers to the threat landscape facing corporate security leaders in 2020 and going into 2021, as well. As businesses and workforces sought to adapt rapidly to remote working at scale, malicious groups and other threat actors began exploiting opportunities to target stressed people and systems with malware. The...
Blog

Reverse Engineering: A Security Researcher's Toolkit

Craig Young, Principal Security Researcher at Tripwire, unpacks the modern security researcher's toolkit to reverse engineer complex designs. https://open.spotify.com/episode/3Je17m2Sc4mNGMcDD8Cc45?si=wrdchOOLTJ-KQOxtyw0Low Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm Stitcher:...
Blog

What Does the HIPAA Safe Harbor Bill Mean for Your Practice?

Getting incentives for the best security practices is a win-win for all healthcare-related entities. For one, you are getting incentives, and secondly, you are making sure that you have a rock-solid defense in terms of security. Many organizations find that the rules and regulations that HIPAA entails are too extensive and overwhelming, however....
Blog

Criminals arrested after trusting encrypted chat app cracked by police

Police in the Netherlands and Belgium have made hundreds of raids, and arrested at least 80 people, after cracking into an encrypted phone network used by organised criminals. In a press release, Europol said that crime-fighting authorities in France, Belgium and the Netherlands had not only arrested a large number of suspected criminals, but also...
Blog

Combating Risk Negligence Using Cybersecurity Culture

With a growing number of threat sources and successful cybersecurity attacks, organizations find themselves in a tricky spot if they wish to survive cyberspace. Oftentimes, the adversaries are not the challenge; the obstacle is the organization’s culture. Just like culture influences who we are as a people, culture influences the cybersecurity tone of...
Blog

How FIM Is More Than Just About Maintaining Compliance

The purpose of every security team is to provide confidentiality, integrity and availability of the systems in the organization. We call it “CIA Triad” for short. Of those three elements, integrity is a key element for most compliance and regulations.Some organizations have realized this and decided to implement File Integrity Monitoring (FIM). But...